Any organization thatis unwilling to believeit may have alreadybeen penetrated andthat is not activelylooking for signs ofintrusion beyondwhat its networkblack boxes aretelling it is living in afantasy world.

Application security is a people, process, and technologyproblemthroughout the entire software development life cycle… because themost effective approaches to application security include improvementsin all of these areas.

Despite spending $12B on Enterprise IT security in 2003, exploitation of software vulnerabilities costs the USeconomyover $10B, and we continue to see increases in the number of reported vulnerabilities, the numberof incidents, and thecost per incident.